CVSS3: 6.5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

IBM DB2 is a relational database management system from International Business Machines (IBM). It runs mainly on UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 versions 3.5, 4.0, and 4.5 are vulnerable to cross-site request forgery (CSRF), which stems from the web application not adequately verifying that requests come from trusted users. An attacker could exploit the vulnerability by forging malicious requests and tricking a victim into clicking, which causes sensitive actions to be performed.

CPE | Name | Operator | Version |
---|---|---|---|
ibm | ibm db2 | eq | 3.5 |
ibm | ibm db2 | eq | 4.0 |
ibm | ibm db2 | eq | 4.5 |